Description
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.
Remediation
References
Related Vulnerabilities
WordPress Plugin My Calendar Cross-Site Scripting (3.2.17)
Moodle Resource Management Errors Vulnerability (CVE-2015-2268)
Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2022-23794)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.8.7)
WordPress Plugin TheThe Layout Grid Cross-Site Scripting (1.0.0)